2026-06-14 10:30:02 +02:00
|
|
|
---
|
2026-06-14 10:34:42 +02:00
|
|
|
- name: Assert public DNS data is sane
|
|
|
|
|
ansible.builtin.assert:
|
|
|
|
|
that:
|
|
|
|
|
- public_dns__domain | length > 0
|
2026-06-14 10:53:54 +02:00
|
|
|
- public_dns__records | selectattr('record', 'equalto', '@')
|
|
|
|
|
| selectattr('type', 'equalto', 'TXT') | list | length > 0
|
2026-06-14 10:34:42 +02:00
|
|
|
fail_msg: >-
|
2026-06-14 10:53:54 +02:00
|
|
|
public_dns__domain must be set and an SPF record (@/TXT) declared in
|
2026-06-14 10:34:42 +02:00
|
|
|
public_dns__records (group_vars/all/public_dns.yml).
|
|
|
|
|
run_once: true
|
|
|
|
|
|
|
|
|
|
- name: Ensure desired records are present (Gandi LiveDNS)
|
|
|
|
|
community.general.gandi_livedns:
|
|
|
|
|
domain: "{{ public_dns__domain }}"
|
2026-06-14 10:57:23 +02:00
|
|
|
record: "{{ item['record'] }}"
|
|
|
|
|
type: "{{ item['type'] }}"
|
|
|
|
|
values: "{{ item['values'] }}"
|
|
|
|
|
ttl: "{{ item['ttl'] | default(public_dns__default_ttl) }}"
|
2026-06-14 10:34:42 +02:00
|
|
|
state: present
|
|
|
|
|
personal_access_token: "{{ vault.gandi.pat }}"
|
|
|
|
|
loop: "{{ public_dns__records }}"
|
|
|
|
|
loop_control:
|
2026-06-14 10:57:23 +02:00
|
|
|
label: "{{ item['record'] }} {{ item['type'] }}"
|
2026-06-14 10:34:42 +02:00
|
|
|
run_once: true
|
|
|
|
|
when: public_dns__apply | bool
|
|
|
|
|
|
|
|
|
|
- name: Ensure unwanted records are absent (Gandi LiveDNS)
|
|
|
|
|
community.general.gandi_livedns:
|
|
|
|
|
domain: "{{ public_dns__domain }}"
|
2026-06-14 10:57:23 +02:00
|
|
|
record: "{{ item['record'] }}"
|
|
|
|
|
type: "{{ item['type'] }}"
|
2026-06-14 10:34:42 +02:00
|
|
|
state: absent
|
|
|
|
|
personal_access_token: "{{ vault.gandi.pat }}"
|
|
|
|
|
loop: "{{ public_dns__absent }}"
|
|
|
|
|
loop_control:
|
2026-06-14 10:57:23 +02:00
|
|
|
label: "{{ item['record'] }} {{ item['type'] }}"
|
2026-06-14 10:34:42 +02:00
|
|
|
run_once: true
|
|
|
|
|
when: public_dns__apply | bool
|